Chinese accused of hacking Indian systems

Chinese hackers have been penetrating the Indian government’s computer systems and those of some universities since 2012, California-based Internet security firm FireEye said on Friday. FireEye said the intruders seemed especially interested in information on Tibetan activists and a border dispute between India and China.

The announcement comes just days after Indian and U.S. officials held their fourth “Cyber Dialogue,” meant to enhance the two nations’ cooperation on cybersecurity and Internet management.

The intrusion was facilitated by “phishing” emails sent to government officials. A Word document that included a script called “Watermain” was attached to the emails. The document appeared to relate to regional issues, but when victims opened it, the Watermain script was activated and allowed the hackers to access systems remotely.

A spokesman for FireEye told AFP that the group behind the penetration is “well-resourced and works around the clock.” The spokesman also said there were “indicators in their malware that the group behind it may speak Chinese.”

Three years is an unusually long period for a perpetrator to access a government system undetected. The breach of the U.S. Office of Personnel Management announced in June was discovered in April, four months after investigators said it began in December 2014.

The precise group behind the attack wasn’t immediately clear. A government-backed Chinese group known as “Deep Panda” is thought to be responsible for a substantial number of the breaches conducted against governments worldwide, but FireEye has said the group was likely not responsible for the OPM breach, and it has not suggested a specific perpetrator for the intrusions in India.

“Collecting intelligence on India remains a key strategic goal for China … and these attacks on India and its neighboring countries reflect growing interest in its foreign affairs,” said Bryce Boland, FireEye’s chief technology officer for the Asia-Pacific region.

FireEye has been monitoring Deep Panda since 2013.

India, which spent $7.76 million on cybersecurity in 2013 compared to $4.7 billion by the U.S., has nascent cybersecurity infrastructure. Indian officials coincidentally met with U.S. officials in Washington this month for their fourth conference on cybersecurity, and have scheduled the next meeting to take place in 2016 in New Delhi.

China, India’s neighbor, has been incredibly successful at accessing systems in the U.S. over the past year. In addition to suspicions that it was behind the OPM hack, it has been linked to breaches this year at health insurer Anthem; United Airlines; the engineering departments at Penn State and the University of Connecticut; and the University of Virginia, in an apparent effort to target two faculty members in an incident that was made public last week.

China has taken issue with India’s Tibetan community since 1959, when Tibetans staged an uprising in response to fears that the Chinese were planning to abduct the Dalai Lama. He fled by foot to India, and has stated that — contrary to tradition — the next Dalai Lama will not be born in China. The Chinese government has disagreed and said it will take responsibility for determining his replacement.
